Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

After Combofix, ZeroAccess is gone but no Internet


  • This topic is locked This topic is locked
50 replies to this topic

#1 haremboss

haremboss

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 28 March 2012 - 01:32 PM

- Running Windows XP Home SP3.
- After experiencing Google Redirect and ZeroAccess Viruses, I ran MS Security Essentials then Combofix multiple times.
- ZeroAccess seems to be gone but now I can't connect to the Internet - Status "Limited or No Connectivity"
- Trying to repair my connection gave me the message: "
"Windows could not finish repairing the problem because the following action could not be completed - Renewing your IP Address"
- I ran FarBar and got the following status. FarBar scan is in my original post - see link below

Would really appreciate help! Thanks so much!!!

Original Post (includes FarBar scan): http://www.bleepingcomputer.com/forums/topic447816.html
DDS and GMER Scans follow:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Rick at 17:09:15 on 2012-03-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.867 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Rick\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxebserv.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxebcoms.exe
svchost.exe
c:\program files\google\gmail notifier\gnotify.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Facebook Update] "c:\documents and settings\rick\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"
mRun: [Lexmark Pro200-S500 Series Fax Server] "c:\program files\lexmark pro200-s500 series\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\rick\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rick\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\rick\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271432949945
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://construction3.muhlenberg.edu/activex/AMC.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF} : DhcpNameServer = 10.0.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rick\application data\mozilla\firefox\profiles\xzh35w1c.default\
FF - prefs.js: browser.search.selectedEngine - Thesaurus - Reference.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-3-26 26872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-18 64288]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-6-1 51144]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2ce1bcba;MpKsl2ce1bcba;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7ed907c0-735c-464e-8331-82f87758cc94}\MpKsl2ce1bcba.sys [2012-3-27 29904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-23 497496]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-5-11 193192]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-5-28 364576]
R3 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S2 aawservice;Cavasm;c:\windows\system32\svchost.exe -k netsvcs [2002-9-3 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-17 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-27 20:36:00 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7ed907c0-735c-464e-8331-82f87758cc94}\MpKsl2ce1bcba.sys
2012-03-27 18:55:43 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7ed907c0-735c-464e-8331-82f87758cc94}\mpengine.dll
2012-03-27 16:22:07 -------- d-----w- C:\ComboFix
2012-03-27 14:24:29 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-26 23:28:52 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-03-26 20:53:38 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-26 20:49:23 98816 ----a-w- c:\windows\sed.exe
2012-03-26 20:49:23 518144 ----a-w- c:\windows\SWREG.exe
2012-03-26 20:49:23 256000 ----a-w- c:\windows\PEV.exe
2012-03-26 20:49:23 208896 ----a-w- c:\windows\MBR.exe
2012-03-26 20:43:47 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-03-26 20:43:47 -------- d-----w- c:\documents and settings\rick\application data\FixTDSS
2012-03-24 15:55:32 42960 ----a-w- c:\windows\system32\drivers\jvvmxqti.sys
2012-03-21 20:30:03 -------- d-----w- c:\documents and settings\rick\.gimp-2.6
2012-03-21 20:28:21 -------- d-----w- c:\program files\GIMP-2.0
2012-03-17 17:42:25 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 17:42:25 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-11 18:20:44 -------- d-----w- c:\program files\common files\Software Update Utility
2012-03-10 14:47:49 -------- d-----w- c:\program files\iPod
2012-03-10 14:47:43 -------- d-----w- c:\program files\iTunes
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-03-26 16:22:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 17:10:12.46 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-28 08:28:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKB-00H8A0 rev.05.04E05
Running: kd46lo0r.exe; Driver: C:\DOCUME~1\Rick\LOCALS~1\Temp\awtyrkob.sys

------------------------------------------------------------------------------------------------------------

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Rick\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\SearchIndexer.exe[2292] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 31 March 2012 - 10:48 AM

Hi,

Could you post me the most recent ComboFix log as well please - it should be located at C:\ComboFix.txt

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 31 March 2012 - 07:24 PM

Hi Thanks for your reply!
I ran Combofix a couple of times and here is the latest log:

ComboFix 12-03-27.02 - Rick 03/27/2012 12:26:40.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.895 [GMT -4:00]
Running from: I:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 16:20 . 2012-03-27 16:20 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C66C776-203F-4E56-8E49-0ED1646D70C0}\MpKsl1b7a352c.sys
2012-03-27 14:50 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C66C776-203F-4E56-8E49-0ED1646D70C0}\mpengine.dll
2012-03-27 14:24 . 2012-03-27 14:31 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-26 23:28 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-03-26 20:53 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-26 20:43 . 2012-03-26 20:43 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-03-26 20:43 . 2012-03-26 20:43 -------- d-----w- c:\documents and settings\Rick\Application Data\FixTDSS
2012-03-24 15:55 . 2012-03-24 15:55 42960 ----a-w- c:\windows\system32\drivers\jvvmxqti.sys
2012-03-21 20:30 . 2012-03-21 20:33 -------- d-----w- c:\documents and settings\Rick\.gimp-2.6
2012-03-21 20:28 . 2012-03-21 20:28 -------- d-----w- c:\program files\GIMP-2.0
2012-03-17 17:42 . 2012-03-17 17:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 17:42 . 2012-03-17 17:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-11 18:20 . 2012-03-11 18:20 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-03-10 14:47 . 2012-03-10 14:47 -------- d-----w- c:\program files\iPod
2012-03-10 14:47 . 2012-03-10 14:49 -------- d-----w- c:\program files\iTunes
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 16:22 . 2011-05-20 11:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-10-17 17:17 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-15 16:01 . 2010-12-07 17:58 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2010-12-07 17:58 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22 . 2002-09-03 17:11 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-10-17 17:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-16 02:44 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-04-16 14:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:42 . 2011-03-22 22:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_02.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-27 16:17 . 2012-03-27 16:17 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_fe0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-05-28 243200]
.
[HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
2010-05-28 21:00 1558528 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-05-28 1558528]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-05-28 1558528]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rick\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Facebook Update"="c:\documents and settings\Rick\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-02-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2010-01-18 139944]
"Lexmark Pro200-S500 Series Fax Server"="c:\program files\Lexmark Pro200-S500 Series\fm3032.exe" [2011-01-24 316072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-18 274608]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\documents and settings\Helen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Rick\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Rick\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 04:54 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 04:54 659456 ----a-w- c:\windows\system32\hphmon06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"HP Status Server"=3 (0x3)
"HP Port Resolver"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1271440540\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1271440540\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxebcoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
"c:\\Documents and Settings\\Rick\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\Rick\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Rick\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Rick\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [3/26/2012 4:43 PM 26872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/18/2010 8:57 PM 64288]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 8:53 AM 51144]
R1 MpKsl1b7a352c;MpKsl1b7a352c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C66C776-203F-4E56-8E49-0ED1646D70C0}\MpKsl1b7a352c.sys [3/27/2012 12:20 PM 29904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/23/2011 10:31 AM 497496]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [5/11/2010 3:57 PM 193192]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
R3 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2010 2:53 PM 136176]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/17/2010 5:12 PM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2010 2:53 PM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/17/2010 3:22 PM 47360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 1:05 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1B7A352C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Packet
DCamUSBEMPIA
pivot
db2remotecmd
s3psddr
rt61
aawservice
SaiNtSub
se44mdm
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-527237240-492894223-839522115-1004Core.job
- c:\documents and settings\Rick\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-11 23:55]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-527237240-492894223-839522115-1004UA.job
- c:\documents and settings\Rick\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-11 23:55]
.
2012-03-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-17 03:31]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 18:53]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 18:53]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-492894223-839522115-1004Core.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 23:13]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-492894223-839522115-1004UA.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 23:13]
.
2012-03-27 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2010-04-17 04:54]
.
2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-492894223-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-492894223-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-03-27 c:\windows\Tasks\SyncBack Daily Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-08-15 20:42]
.
2012-03-27 c:\windows\Tasks\SyncBack Weekly Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-08-15 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://construction3.muhlenberg.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\xzh35w1c.default\
FF - prefs.js: browser.search.selectedEngine - Thesaurus - Reference.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\documents and settings\Rick\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
Completion time: 2012-03-27 12:39:34
ComboFix-quarantined-files.txt 2012-03-27 16:39
ComboFix2.txt 2012-03-27 14:17
ComboFix3.txt 2012-03-27 13:40
ComboFix4.txt 2012-03-27 02:11
ComboFix5.txt 2012-03-27 16:22
.
Pre-Run: 222,136,774,656 bytes free
Post-Run: 222,114,672,640 bytes free
.
- - End Of File - - D8C695E0B0BDE539E4D65898C51D5A35

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 01 April 2012 - 10:38 AM

Hi,

:step1: Could I also see the ComboFix-quarantined-files.txt - it will be located in C:\ComboFix\

:step2: We're going to reset your TCP/IP stack

  • Start > Programs > Accessories > Command prompt
  • Type the following commands
    netsh winsoch reset - hit Enter
    netsh int ip reset c:\resetlog.txt - hit Enter
  • Reboot your PC

Does your internet work now? Please post the file c:\resetlog.txt here for me.

Casey

Edited by Casey_boy, 01 April 2012 - 10:50 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 01 April 2012 - 11:33 AM

Hi Casey.
I tried resetting the TCP/IP stack per your instructions but Internet still does not work. The status of the connection is "limited or no connectivity" although it looks like I am connected to the LAN at 100 Mbps. I get the same message when I try to repair the connection: "Windows could not finish repairing the problem because the following action cannot be completed: Renewing your IP address."

Below is the resetlog. I found the combofix directory but it was empty. Its possible that I ran Microsoft Security Essentials after combofix and it deleted the combofix quarantined files. I would be happy to run combofix again if you want me to. Thanks for your help so far!

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheEntryTtlLimit
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\NegativeSoaCacheTime
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\NetFailureCacheTime
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{78EFF7B5-6CD9-4C82-A2AD-2DE0DE4EF73C}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{78EFF7B5-6CD9-4C82-A2AD-2DE0DE4EF73C}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{D0942B77-FE1B-426D-848D-B3EC142EDB55}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{D0942B77-FE1B-426D-848D-B3EC142EDB55}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{186329D4-3948-48A9-8DB4-D0C97AC348ED}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{186329D4-3948-48A9-8DB4-D0C97AC348ED}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{186329D4-3948-48A9-8DB4-D0C97AC348ED}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{186329D4-3948-48A9-8DB4-D0C97AC348ED}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{186329D4-3948-48A9-8DB4-D0C97AC348ED}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpNumConnections
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\Class
old REG_DWORD = 1

reset SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\DnsPriority
old REG_DWORD = 7

reset SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\HostsPriority
old REG_DWORD = 6

reset SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\LocalPriority
old REG_DWORD = 5

reset SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\NetbtPriority
old REG_DWORD = 8

reset Linkage\Bind for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\Tcpip_{186329D4-3948-48A9-8DB4-D0C97AC348ED}
\Device\Tcpip_{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}
\Device\Tcpip_{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}
\Device\Tcpip_{D0942B77-FE1B-426D-848D-B3EC142EDB55}
\Device\Tcpip_{78EFF7B5-6CD9-4C82-A2AD-2DE0DE4EF73C}

reset Linkage\Route for ms_netbt. bad value was:
REG_MULTI_SZ =
"Tcpip" "{186329D4-3948-48A9-8DB4-D0C97AC348ED}"
"Tcpip" "{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}"
"Tcpip" "{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}"
"Tcpip" "NdisWanIp"

reset Linkage\Export for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\NetBT_Tcpip_{186329D4-3948-48A9-8DB4-D0C97AC348ED}
\Device\NetBT_Tcpip_{9FD5AB9F-05FE-4B2C-BC3A-3823BA4046BF}
\Device\NetBT_Tcpip_{C28A44CA-BE7B-42F7-AF9C-ECB67EA94447}
\Device\NetBT_Tcpip_{D0942B77-FE1B-426D-848D-B3EC142EDB55}
\Device\NetBT_Tcpip_{78EFF7B5-6CD9-4C82-A2AD-2DE0DE4EF73C}

reset Linkage\UpperBind for PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 09:22 AM

Hi,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 02 April 2012 - 10:07 AM

Hi Casey. Thanks!
Here is the MiniToolBox Result log:
Rick

MiniToolBox by Farbar Version: 18-01-2012
Ran by Rick (administrator) on 02-04-2012 at 11:00:57
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.no_proxies_on", "http://localhost"
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : familycomputer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-75-2C-8D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 10.0.1.1

DNS Servers . . . . . . . . . . . : 10.0.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 07 e9 75 2c 8d ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/01/2012 10:00:07 PM) (Source: Google Update) (User: Rick)Rick
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying

Error: (04/01/2012 07:00:07 PM) (Source: Google Update) (User: Rick)Rick
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying

Error: (04/01/2012 04:00:07 PM) (Source: Google Update) (User: Rick)Rick
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying

Error: (04/01/2012 01:00:07 PM) (Source: Google Update) (User: Rick)Rick
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, named proxy=http=127.0.0.1, bypass=.
trying

Error: (04/01/2012 11:48:17 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(60:fb:42:2c:94:14@fe80::62fb:42ff:fe2c:9414._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (04/01/2012 11:46:09 AM) (Source: Bonjour Service) (User: )
Description: SendWakeupPacket error: sent -1 bytes: 10065

Error: (04/01/2012 11:46:09 AM) (Source: Bonjour Service) (User: )
Description: SendWakeupPacket error: sent -1 bytes: 10065

Error: (04/01/2012 11:46:09 AM) (Source: Bonjour Service) (User: )
Description: SendWakeupPacket error: sent -1 bytes: 10065

Error: (04/01/2012 11:46:09 AM) (Source: Bonjour Service) (User: )
Description: SendWakeupPacket error: sent -1 bytes: 10065

Error: (04/01/2012 11:46:08 AM) (Source: Bonjour Service) (User: )
Description: SendWakeupPacket error: sent -1 bytes: 10065


System errors:
=============
Error: (04/02/2012 11:00:02 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (04/02/2012 10:58:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The MobilityService service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The Nbf service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The DniVad service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The Axskbus service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The Deventagent service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The Wpdusb service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The Cavasm service terminated with the following error:
%%126

Error: (04/02/2012 10:58:52 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ÁTorrent (Version: 2.2.0)
AAdvantage eShoppingSM Toolbar (Version: 1.514)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advanced SystemCare 5 (Version: 5.1.0)
AIM 7
AirPort (Version: 5.5.3.2)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Anomos 0.9.5 (Version: 0.9.5)
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.231-060221a1-030895C-ATI)
ATI Drivers
AXIS Media Control Embedded
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
Boxee
Canon CanoScan Toolbox 4.1
CCleaner (Version: 2.30)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
coverXP (remove only)
Creative Audio Console (Version: 1.33)
Creative EAX Settings
Creative MediaSource (Version: 3.00)
Creative MediaSource 5 (Version: 5.26)
Creative Software AutoUpdate (Version: 1.40)
Creative Speaker Settings
Creative System Information
Creative WaveStudio 7 (Version: 7.12)
Dell Driver Download Manager (Version: 2.1.0.0)
Device Control
Download Updater (AOL LLC)
Dropbox (Version: 1.2.52)
DVD-Cover Printmaster 1.4 (Version: 1.4)
DVDFab 7.0.4.0 (15/04/2010)
DVDFab 8.0.7.3 (29/01/2011)
DVDFab 8.1.3.5 (23/11/2011) Qt Beta
EasyBits GO
Evernote v. 4.4.2 (Version: 4.4.2.4912)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fences
Fences (Version: 0.95)
GIMP 2.6.11 (Version: 2.6.11)
Glary Utilities 2.43.0.1419 (Version: 2.43.0.1419)
Google Earth (Version: 6.1.0.5001)
Google Gmail Notifier
Google Talk Plugin (Version: 2.6.1.5251)
Google Update Helper (Version: 1.3.21.111)
HP Image Zone 4.0 (Version: 4.0)
HP Software Update (Version: 2.0.39.20040212)
ImgBurn (Version: 2.5.6.0)
Intel® PRO Network Adapters and Drivers
iTuner (Version: 1.2.3769)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
L.A. Noire (Version: 1.00.0000)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Pro200-S500 Series
Lexmark Toolbar (Version: 4.13.37.0)
Lexmark Tools for Office (Version: 1.29.0.0)
Logitech Audio Echo Cancellation Component (Version: 10.51.2027)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Harmony Remote Software 7 (Version: 7.6.0.8)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech QuickCam (Version: 10.51.2029)
Logitech Video Enumerator (Version: 10.51.2027)
LogitechĂ Camera Driver
Magic ISO Maker v5.5 (build 0281)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0090)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MVision (Version: 10.51.2027)
NetLibrary Download Manager (Version: 1.0.10.0)
NetLibrary Media Center (Version: 1.2.59.0)
Octoshape add-in for Adobe Flash Player
OpenSSL 0.9.8l Light (32-bit)
Overland (Version: 2.1.5)
PeerGuardian 2.0 (Version: 2.0.6.5)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
Picasa 3 (Version: 3.8)
PS8400 (Version: 1.00.0000)
PSPrinters06 (Version: 1.00.0000)
QFolder (Version: 1.00.0000)
QuickGamma 3.0.0.1 (Version: 3.0.0.1)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Remote Control USB Driver (Version: 2.3.2.317)
Rockstar Games Social Club (Version: 1.0.0.0)
Safari (Version: 5.34.52.7)
Skype˘ 5.5 (Version: 5.5.124)
Soluto (Version: 1.2.119.0)
Sound Blaster Audigy (Version: 1.0)
SyncBack
The Print Shop 22 (Version: 22.00.0000)
TrayApp (Version: 43.1.5.000)
Uniblue DriverScanner
Unload (Version: 4.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.5 (Version: 1.1.5)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 43.1.5.000)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Devices: ================================

Name: ACPI Uniprocessor PC
Description: ACPI Uniprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® Pentium® 4 CPU 2.66GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI bus
Description: PCI bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Description: Intel® 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:

Name: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Description: Intel® 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci

Name: ALL-IN-WONDER 9000
Description: ALL-IN-WONDER 9000
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard monitor types)
Service:

Name: ALL-IN-WONDER 9000 - Secondary
Description: ALL-IN-WONDER 9000 - Secondary
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: mouhid

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Logitech USB Camera (Pro 4000)
Description: Logitech USB Camera (Pro 4000)
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Logitech
Service: usbccgp

Name: Logitech QuickCam Pro 4000
Description: Logitech QuickCam Pro 4000
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Logitech
Service: CamDrL

Name: Logitech Microphone (Pro 4000)
Description: Logitech Microphone (Pro 4000)
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: usbaudio

Name: Standard Universal PCI to USB Host Controller
Description: Standard Universal PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: WD 2500JB External USB Device
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: SanDisk Cruzer Contour USB Device
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Intel® 82801BA/CA PCI Bridge - 244E
Description: Intel® 82801BA/CA PCI Bridge - 244E
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci

Name: SB Audigy
Description: SB Audigy
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Creative Technology Ltd.
Service: P17

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel® PRO/100 VE Network Connection
Description: Intel® PRO/100 VE Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E100B

Name: Intel® 82801EB LPC Interface Controller - 24D0
Description: Intel® 82801EB LPC Interface Controller - 24D0
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: isapnp

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System speaker
Description: System speaker
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Parport

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: WDC WD5000AAKB-00H8A0
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: ST3160812A
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: SAMSUNG DVD-ROM SD-616T
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: HL-DT-ST DVD-RAM GSA-H55L
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: Intel® 82801EB SMBus Controller - 24D3
Description: Intel® 82801EB SMBus Controller - 24D3
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Arp1394

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: catchme

Name: COMMONFX.SYS
Description: COMMONFX.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: COMMONFX.SYS

Name: Creative AC3 Software Decoder
Description: Creative AC3 Software Decoder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctac32k

Name: CTAUDFX.SYS
Description: CTAUDFX.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CTAUDFX.SYS

Name: Creative Proxy Driver
Description: Creative Proxy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctprxy2k

Name: CTSBLFX.SYS
Description: CTSBLFX.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CTSBLFX.SYS

Name: Creative SoundFont Management Device Driver
Description: Creative SoundFont Management Device Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctsfm2k

Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmload

Name: E-mu Plug-in Architecture Driver
Description: E-mu Plug-in Architecture Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: emupia

Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fips

Name: TDSS Fixtool driver
Description: TDSS Fixtool driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: FixTDSS

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Gpc

Name: Creative Hardware Abstract Layer Driver
Description: Creative Hardware Abstract Layer Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ha10kx2k

Name: Creative P16V HAL Driver
Description: Creative P16V HAL Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hap16v2k

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpFilterDriver

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPSec

Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ksecdd

Name: Logitech LVPr2Mon Driver
Description: Logitech LVPr2Mon Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LVPr2Mon

Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mnmdd

Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: Creative OS Services Driver
Description: Creative OS Services Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ossrv

Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ParVdm

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarp

Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WS2IFSL

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti

Name: WAN Miniport (ATW)
Description: WAN Miniport (ATW)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: America Online, Inc.
Service: wanatw

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio

Name: Microsoft Kernel Wave Audio Mixer
Description: Microsoft Kernel Wave Audio Mixer
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: kmixer

Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1534.98 MB
Available physical RAM: 842.51 MB
Total Pagefile: 3434.5 MB
Available Pagefile: 2852.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.2 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:205.88 GB) NTFS
5 Drive f: (Old Drive) (Fixed) (Total:148.96 GB) (Free:16.69 GB) NTFS
6 Drive h: (Backup) (Fixed) (Total:232.88 GB) (Free:0 GB) NTFS
7 Drive i: (Cruzer) (Removable) (Total:7.47 GB) (Free:5.96 GB) FAT32

========================= Users: ========================================

User accounts for \\FAMILYCOMPUTER

Administrator ASPNET Guest
Helen HelpAssistant Jana
Rick SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 10:47 AM

Hi,

Could you please try the following:

  • Click Start, Control Panel, Network Connections. Right-click on the Local Area Connection and choose Properties.
  • On the General tab, scroll down in the list box till you see Internet Protocol (TCP/IP) and highlight it. Then click on Properties.
  • Now make sure that both Obtain an IP address automatically and Obtain DNS server address automatically are selected.
  • Start > Programs > Accessories > Command prompt
  • Type the following commands
    IPCONFIG /RENEW

Has internet access been restored?

Casey

Edited by Casey_boy, 02 April 2012 - 10:48 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 02 April 2012 - 11:34 AM

Hi Casey
Obtain IP Address Automatically and DNS Server Address Automatically were both already checked.
After running inconfig/renew, I got the following error:
"An error occurred while renewing interface Local Area Connection: The RPC server is unavailable"
Still no internet access.
Thanks so much!
Rick

#10 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 02:41 PM

D'oh!

I just realised I had a typo in one of the commands I gave you :oopsign: so let's try again!


We're going to reset your TCP/IP stack

  • Start > Programs > Accessories > Command prompt
  • Type the following commands
    netsh winsock reset - hit Enter
    netsh int ip reset c:\resetlog.txt - hit Enter
  • Reboot your PC

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 02 April 2012 - 02:58 PM

Hi Casey. I did catch that typo and entered the command correctly earlier. I tried it again just now to be sure and same result.
Is there a way to make the "RPC server" become available? That was the last error message I got per your last post.
Thanks
Rick

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 03:29 PM

Aww shucks. I thought that mighta been it.

Well, it could be that the RPC service isn't running, however I think one of the tools we have run should have picked that up (and it didn't). So I'm going to do a bit more digging and ask a colleague for some advice - hold tight!

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#13 haremboss

haremboss
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 05 April 2012 - 02:25 PM

Hi Casey

I tried turning off the windows firewall and executing the commands you gave me. No change - same error.
Could this be a registry issue? Would running a registry cleaner like Glary Utilities help?
I'm anxious to try something as I haven't been able to use the system in almost 2 weeks but I don't want to cause more damage.
Let me know as soon as you have any more suggestions for me to try.
Thanks for your continued help!
Rick

#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 05 April 2012 - 03:40 PM

Hi Rick,

I've asked the developer of the two tools we've run (farbar) to have a look over your topic to see if he has any suggestions. He's a bit of an expert when it comes to internet services, so I'm sure he'll have some good suggestions.

In the meantime, pleas do not run any tools (such as registry cleaners). They're very unlikely to work and probably cause more issues than they would solve.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 06 April 2012 - 06:21 AM

Hi again,

:step1: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Services and Drivers sections, please select "All".
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

:step2: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users